Skip to Main Content
  • Questions

  • login as sysdba remotely without any other prompts / or grant a user for example system shutdown and startup privilege

Breadcrumb

Question and Answer

Connor McDonald

Thanks for the question, murali.

Asked: June 14, 2017 - 6:52 pm UTC

Last updated: February 15, 2019 - 1:58 am UTC

Version: 12c

Viewed 10K+ times! This question is

You Asked

Hi ,

we are testing remote db setup and from application team we have to run scripts which were using sysdba earlier , but now we want to run those same scripts on a remote db from a application machine . So there are few places where we have to startup and shutdown the remote DB or run few sysdba commands ( inside a shell script ) .

So is it possible to run the scripts as sysdba with out prompting for any another input or if system user can be granted privs to shutdown and startup the database .

Thanks.

and Connor said...

Yes, you need to

a) create a password file

https://docs.oracle.com/database/121/ADMIN/dba.htm#ADMIN12478

b) set remote_login_passwordfile to allow the password file to be used

https://docs.oracle.com/database/122/REFRN/REMOTE_LOGIN_PASSWORDFILE.htm#REFRN10184

Then as long as your database registers with its listener (which it should already be doing), then this allow connections from remote machines as sysdba, ie,

connect user/pass@remote_db as sysdba


Some more details here

https://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:670117794561

in terms of keeping the passwords in sync.

Rating

  (6 ratings)

Is this answer out of date? If it is, please let us know via a Comment

Comments

Is something changed in oracle 18c?

A reader, January 31, 2019 - 1:27 pm UTC

I have created an spfile and :
NAME TYPE VALUE
remote_login_passwordfile string EXCLUSIVE

But i cant connect remotely, and:
SQL> grant sysdba to dni;
grant sysdba to dni
*
ERROR at line 1:
ORA-01994: Password file missing or disabled

SQL> select * from V_$PWFILE_USERS;

no rows selected

Wat i have doing wrong?


Thanks and regards.
Connor McDonald
February 01, 2019 - 2:58 pm UTC

No - 18c is pretty much 12.2.0.2 and nothing significant has changed in this area. I would suspect your spfile is incorrectly named or in the wrong location?

Daniel, February 05, 2019 - 12:11 pm UTC

Hi.
I think it's ok.

He must be in $ORACLE_HOME/dbs/orapwdSID not?

ps -ef | grep pmon | grep -v grep
oracle 24827 1 0 Jan31 ? 00:00:24 ora_pmon_expweb

ls $ORACLE_HOME/dbs/orapwdexpweb
/u01/app/oracle/product/18.0.0/dbhome_1//dbs/orapwdexpweb

Thanks.

Connor McDonald
February 06, 2019 - 12:47 am UTC

How about "ls -l" - you might have a permissions issue.


A reader, February 11, 2019 - 12:04 pm UTC

Nop

[oracle@itaul4634 ~]$ ls -l $ORACLE_HOME/dbs/orapwdexpweb
-rw-r----- 1 oracle oinstall 2048 Feb 4 12:23 /u01/app/oracle/product/18.0.0/dbhome_1//dbs/orapwdexpweb

And a directory level oracle has all permisions

> /u01/app/oracle/product/18.0.0/dbhome_1//dbs/AAA
ls -l /u01/app/oracle/product/18.0.0/dbhome_1//dbs/AAA
-rw-r--r-- 1 oracle oinstall 0 Feb 11 08:34 /u01/app/oracle/product/18.0.0/dbhome_1//dbs/AAA
rm /u01/app/oracle/product/18.0.0/dbhome_1//dbs/AAA

Can you try it in any test installation?

Regards.
Connor McDonald
February 12, 2019 - 1:10 am UTC

Can you try it in any test installation?


The "problem" is, it works fine on my machine (which of course does not help you :-))

Maybe try remove the trailing slash from your ORACLE_HOME

A reader, February 12, 2019 - 7:25 am UTC

Solved.
The problem was caused by the 12.1 password compatibility.
I've put a new password and removed the: "format=12" then it works fine.

orapwd file=$ORACLE_HOME/dbs/orapwexpweb password=Hello-1234 entries=12
sqlplus / as sysdba
....

SQL> grant sysdba to dni;
Grant succeeded.

Thanks very much!!
Regards.
Connor McDonald
February 14, 2019 - 4:45 am UTC

It might have helped if you'd shared that you initially created it with format=12 :-)

But thanks for getting back to us - this will help others.

Racer I., February 14, 2019 - 10:01 am UTC

Hi,

Mmh. This says format=12 is the default, but this probably changes from version to version, don't know which ones this is from and which one the last reader has. May also have migrated it which can skip the complexity rules apparently.

format - use format=12 for new 12c features like SYSBACKUP, SYSDG and
SYSKM support, longer identifiers, etc.
If not specified, format=12 is default (optional),

Also format=12 activates complexity requirements, but if these are not fulfilled the orapwd call will fail.

So its still unclear how leaving off format-12 helped in this case.

regards,

close sesame

Racer I., February 14, 2019 - 10:07 am UTC

Hi,

Very likely due to this :
http://christian-gohmann.de/2017/05/08/orapwd-enforces-password-complexity-rules-in-12-2-0-1/

Using the older 12c format has the disadvantage, that the following features are not supported.

Granting administrative privileges to external users

regards,
Connor McDonald
February 15, 2019 - 1:58 am UTC

Nice input.
more

Connor and Chris don't just spend all day on AskTOM. You can also catch regular content via Connor's blog and Chris's blog. Or if video is more your thing, check out Connor's latest video and Chris's latest video from their Youtube channels. And of course, keep up to date with AskTOM via the official twitter account.